Last week we learned the NSA have been working on breaking encryption methods since 2000 – at least. Collusion with proprietary software providers allowed them to insert backdoors into encryption methods, compromising a widely relied-on privacy measure and underscoring the lengths they are willing to go to in order to ensure that the content of internet communication is not hidden from them.
While code-breaking supercomputers are mentioned in the disclosures, Bruce Schneier, one of the most respected cryptography experts commenting on this matter, assures us that the NSA have not been able to code-break any of the crypto used by cypherpunks and activists to shy away from prying eyes. Absolute clarity on the matter is unobtainable, as the NSA's capabilities in this regard are a tightly guarded secret. Against this backdrop it's not surprising to hear that 86% of (US) internet users have attempted some method of covering their tracks online. But the time has passed for half measures: if you want to fuck the NSA, check out our top 10 list.
Encrypt all the things
In the words of Schneier himself:
Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure in the face of the NSA
In spite of the NSA's recent triumph, the mantra of the cypherpunks still stands: your data is better obfuscated than not! There are few better qualified than Schneier to recommend crypto applications, so take your pick from GnuPG, TrueCrypt or Passlok.
Add Some Crypt-Callisthenics To Your Browsing Habits
Switch search engines to Duck Duck Go. Purge all the browsing detritus that makes you a sitting duck with BleachBit. Swap IM missives with OTR or Cryptocat. For good measure, give an open source Linux operating system a whirl (I'd vouch for Mint fwiw).
Bail out of the clearnet
Let's be clear: TOR is not a panacea against the all-seeing eye. If they really want, the NSA's pockets are deep enough to shell out for custom chips that can break TOR's encryption protocols. But more uptake of TOR will make the NSA's job more difficult (it anonymises your communications with other users and scuppers the metadata analysis they're so fond of) and costly. If you needed evidence of what a gadfly TOR is to the powers that be, bear witness to the massive raid on TOR earlier this summer. For more pointers on getting off grid, check out our interview with Mesh Net frontiersman Isaac Wilder.
Go Hardcore on the ephemeral-net
Why not go cypherpunk straight-edge on Snapchat's social-networking spirit and get your hands on Silent Circle, which takes that Snapchat spirit to its extreme conclusion. Silent Circle's 'Silent Text' generates a new encryption key for every message sent, meaning only the sender and receiver can view a message. Even if it were intercepted in transit, it would be unreadable unless the interloper could obtain the encryption key (remember it's a new key for EVERY message) or use brute-force computing power to decrypt the content (something that is hard, computationally speaking, and thus resource intensive). For phone calls, not much beats Redphone.
Get your hands on some quantum cryptography
Is all this cracking and hacking a bit too effort intensive? If so, then maybe you should get in on the ground floor of quantum cryptography, an encryption method that uses the 'spooky actions' of quantum interactions to guarantee communications cannot be eavesdropped upon. Toshiba are making headway in this regard, developing a quantum access networking system that can accommodate, well, 64 people!
DTA – don't trust anyone
There have been some disclosures about which web giants have bent over and colluded with the NSA, and you can bet your bottom dollar there will be more forthcoming. While Google's efforts to bolster their encryption are laudable, we should be perfectly clear that any agitation we see in the coming weeks is all about brand protection (remember how quiet Google et al were on CISPA once their business concerns vis-à-vis SOPA were alleviated?). Keep the EFF's list of who has your back in mind and remember that all of the stacks have previous form for screwing their users when push comes to shove.
Take cues from the Tactical Media Art Playbook
A host of artists have been prodding and probing the outlying edges of the surveillance state for the last two decades. If you watch where they're knocking you'll know what else in your networked life is coming under threat. The Critical Engineers, RYBN collective and Stacktivism are but some of the artists and collectives noted for their important interrogations of the surveillance state that insists on wrapping its tendrils around our metadata.
This week Apple ushered the era of biometrics into the realm of slavishly adored consumer electronics so the Rubicon has most definitely been crossed. Toronto-based Bionym offer up a more personal, less ominous option with the Nymi. It's a sensor bracelet in the mold of Nike's fuelband, which monitors your heartbeat through electrocardiogram (ECG) sensors. Your ECG is unique to you and so provides a robust and extremely personalised way to encrypt all your devices. Still, I wouldn't feel comfortable about this tech until Grindhouse Wetware build an open source approximation and make sure there's no scope for NSA backdoors!
Build a new internet
We've wondered before if the days of the WWW are numbered. As with any apocalyptic prediction, it's more likely to be wide of the mark than not. But that doesn't mean alternatives shouldn't be nurtured and given a crack of the whip. Vinay Gupta and Doug Belshaw are building Firecloud in the Mozilla Hatchery: it's a first step towards what Gupta calls The People's Cloud, which in principle would hobble the ease with which the NSA accesses all our data. In a similar vein is the Briar Project. Taking cues from the peer-to-peer approach that undergirds much of the 'darknet', this internet would be an immense boon for the embattled fourth estate investigators that leak information so that we sheeple know what the score is. While you're at it, show some Kickstarter love to Trsst, a decentralised and encrypted alternative to Twitter.
Educate and organise – host a cryptoparty
So calls to turn the next generation into digitally literate, active users – as opposed to passive consumers – of digital culture have been comfortably co-opted by innovation gurus the length and breadth of the UK and abroad. But honestly, fuck that noise, the economy and market are hollow rationales for doing this (you may find recent debate on the STEM myth illuminating). The real point is that an ethic needs to be cultivated. The hollowing out of computer programmer ethics was something pointedly illuminated by a recent appraisal of what's happened to the OHM Hacker festival in the Netherlands.
Want to brush up on your hacker nomenclature? Check out the dA-Zed guide to hacking.
Editor's Note: This article was amended on 12 September at 17:30 to reflect an erroneous summary of last week's developments. Rather than being a breaking development, as was implied in the earlier version of this text, the NSA's efforts against encryption have been ongoing for over a decade, and their methodologies were (and are) far more comprehensive than what was previously implied.